In 2020, the SolarWinds hack really shook the industry. It was a massive software supply chain attack, and it made clear that we needed to focus more on how DevOps could be attacked and defended. From 2020 through 2023, I did a lot of research in that area and presented at Black Hat USA and Europe.

By 2024, though, AI and machine learning were becoming much more central. Organizations were building custom models for products and services, things like driver assistance systems in cars. I started asking: how are these models being developed and deployed, and what systems support them? Because those systems are the next thing attackers will target.

Imagine a widespread model supply chain attack, where poisoned models impact organizations all over the world. That’s why I shifted to MLOps, focusing on the systems used to develop and deploy machine learning models.

My prior DevOps research has helped, because the two areas are often connected. A lot of organizations use DevOps to support MLOps, so there’s interoperability. Over the last year and a half, I’ve really focused on MLOps: publishing a white paper and blog posts and, with [IBM X-Force’s] Chris Thompson, teaching the first Black Hat training course on attacking and defending MLOps systems.